IE Exploit Used in Google Attacks
by Don Fosen on Jan.21, 2010, under Microsoft
A bug in Internet Explorer was used by what appears to be Chinese government sponsored hackers to access the email accounts of Chinese dissidents. Microsoft has stated that this problem exists mainly in Internet Explorer 6 but there is some question in the industry about how this issue affects the more recent iterations of IE. Some reports claim that the bug exists but it would only crash IE, not allow access to protected data. Microsoft is expected to release a patch by February 9th at the latest.
This is a great example of why it is so critical to keep current on Windows updates, many of the updates Microsoft is releasing now are fixing serious security problems, not just for Internet Explorer but all of Microsoft’s products. I also highly recommend Firefox (download here) for those of you who have not tried it. It has an occasional security problem as well but overall appears to be more secure than Internet Explorer.
Additional Information:
Google Blog Post About Incident
Microsoft Security Response
Hacking Code Made Public
Hackers Wield Newest IE Exploit
Update: Yesterday (Thursday January 21st) Microsoft released an emergency patch for this bug. Please make sure you are current on Windows Updates.
